Saturday, November 18, 2017

I’m telling my Computer Security students that keeping the default settings is never a good idea.
Pentagon Accidentally Exposes Web-Monitoring Operation
The Department of Defense accidentally exposed an intelligence-gathering operation, thanks to an online storage misconfiguration.
DOD was reportedly collecting billions of public internet posts from social media, news sites, and web forums and storing them on Amazon S3 repositories. But it neglected to make those storage servers private. So anyone with a free Amazon AWS account could browse and download the data, according to Chris Vickery, a security researcher at UpGuard.
Vickery noticed the problem in September. "The data exposed in one of the three buckets is estimated to contain at least 1.8 billion posts of scraped internet content over the past 8 years," UpGuard said in a Friday report.
Much of the data was scraped from news sites, web forums, and social media services such as Facebook and Twitter. The information includes content relating to Iraqi and Pakistani politics and ISIS, but also social media posts made by Americans.
… The Defense Department isn't the only one to commit the security slip-up with AWS cloud storage. Earlier this year, UpGuard found that Verizon and Dow Jones made the same mistake, effectively exposing their private customer data to the public.
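An added example, not from UpGuard's report or from AWS's own tooling, of the check a defender runs over each bucket's ACL and bucket policy before assuming the data is private. It evaluates GetBucketAcl- and GetBucketPolicy-shaped input offline against constructed sample data; in practice you would feed it the dictionaries returned by boto3's get_bucket_acl and get_bucket_policy calls. It flags the case described above: a grant to the AuthenticatedUsers group is effectively public, because any free AWS account qualifies as "authenticated".

```python
import json

# S3 group grantee URIs that open a bucket to the world. AuthenticatedUsers
# means any AWS account holder at all, including a free one, so it is
# effectively public even though the name suggests otherwise.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anyone on the internet)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}


def public_acl_grants(acl):
    """Return findings for ACL grants (GetBucketAcl shape) to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GRANTEE_URIS:
            findings.append(f"ACL grants {grant['Permission']} to {PUBLIC_GRANTEE_URIS[uri]}")
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element: "*", {"AWS": "*"}, {"AWS": [...]} ..."""
    if isinstance(principal, dict):
        out = []
        for value in principal.values():
            out.extend(_as_list(value))
        return out
    return _as_list(principal)


def public_policy_statements(policy):
    """Return findings for Allow statements whose Principal is everyone."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principals(stmt.get("Principal", {})):
            continue
        actions = ", ".join(_as_list(stmt.get("Action", [])))
        if stmt.get("Condition"):
            # A Condition (e.g. on aws:SourceVpce) may scope the grant; a human
            # has to decide, so flag it for review rather than as public.
            findings.append(f"Statement {i}: Allow {actions} to * but with a Condition; review manually")
            continue
        findings.append(f"Statement {i}: Allow {actions} to everyone (Principal *)")
    return findings


def audit_bucket(acl, policy_json):
    """Combine ACL and policy findings; policy_json is the raw policy string or None."""
    findings = public_acl_grants(acl)
    if policy_json:
        findings += public_policy_statements(json.loads(policy_json))
    return findings


# Constructed sample data (not taken from the incident): the ACL grants READ to
# any AWS account holder and the policy allows anonymous GetObject, the two
# common ways a bucket ends up browsable by strangers.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/ingest"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def run_example():
    """Audit the constructed sample bucket; returns the list of findings."""
    return audit_bucket(SAMPLE_ACL, SAMPLE_POLICY)


if __name__ == "__main__":
    for finding in run_example():
        print("PUBLIC:", finding)
```

The second policy statement is deliberately not flagged: it names a specific IAM role, which is the shape a private bucket's policy should have. A conditioned wildcard grant is reported separately because a condition can make it safe or merely look safe, and that judgement does not belong in a script.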

How to victimize victims. (And another federal agency that’s clueless when it comes to security breaches.)
Rachel Polansky reports:
Dozens of Southwest Floridians are sick and tired of waiting for answers from FEMA after being hit by Hurricane Irma and then, identity thieves.
A month after the NBC2 Investigators exposed a major scheme involving criminals stealing local identities to defraud the federal government, the NBC2 Investigators are finally getting answers from FEMA.
Read more on NBC-2.
[From the article:
… the agency couldn't confirm this earlier because they wanted to protect the integrity of the investigation.

This probably happens here and goes unreported. (undetected?)
Reuters reports:
Italian police are investigating a hack into the email accounts of government employees by activist group Anonymous, which then published documents it had extracted.
On its Italian blog Anonymous uploaded a screenshot of an email purportedly sent from a government email address to an employee of the prime minister’s office containing the names of a security detail that would accompany an official inspection at a site Prime Minister Paolo Gentiloni is due to visit this week.
Read more on Reuters. See also is not linking to Anonymous’s blog post so as not to facilitate leaking of the allegedly hacked data.

Oh they’re getting serious. They wrote a letter!
House panel hits Equifax with long list of investigation demands
The House Energy and Commerce Committee has sent Equifax a long list of questions related to the breach that compromised more than 100 million people's personal information.
The letter, dated Friday, contains seven pages of document requests and questions as part of the panel's investigation, nearly a full page of which is devoted to documents.
Click here to read the full letter.

Good intent? Bad outcome. Of course it could never happen here…
Germany: Please Destroy Your Child's Smartwatch
A German regulator is banning the sale of certain smartwatches designed for children because they can be used for spying. Parents who own such products should destroy them, the country's Federal Network Agency said in a Friday notice.
These watches include a listening function that lets parents monitor their child over a mobile app on a smartphone. However, that same feature can let them secretly eavesdrop on any surrounding conversation close to the watch—like listening to a teacher in a classroom. German law prohibits this kind of function, the Federal Network Agency said.

For my Computer Security students.
Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk
When it comes to cybersecurity, the chains of communication that exist within an organization, if they exist at all, are often a mess. Multiple conversations about cyber risks are happening across a multitude of divisions in isolation. At the same time, members of the C-suite are measuring their potential impact using different metrics — financial, regulatory, technical, operational — leading to conflicting assessments. CEOs must address these disconnects by creating a culture that promotes open communication and transparency about vulnerabilities and collaboration to address the exposures.

Tips for your business plan?
Surviving in an Increasingly Digital Ecosystem
Every large and ambitious company today should be trying to figure out how to become a destination for its customers.

Worth getting my students thinking about their searches.

Something for the Movie club?
MoviePass Launches Annual Subscription Plan For Under $8 A Month: That’s Lower Than The Average Movie Ticket Price
For a limited time, MoviePass is offering a one-year subscription plan for a flat fee of $89.95, which translates to $7.50 a month (that price already includes a $6.55 processing fee). That price is under this year’s 3Q average movie ticket, which the National Association of Theater Owners pegged at $8.93.

Friday, November 17, 2017

No surprise. They do, we do, everybody do.
China May Delay Vulnerability Disclosures For Use in Attacks
The NSA and CIA exploit leaks have thrown the spotlight on US government stockpiles of 0-day exploits -- and possibly led to this week's government declassification of the Vulnerabilities Equities Policy (VEP) process used to decide whether to disclose or retain the exploits it discovers.
There is no doubt that other nations also hold stockpiles of exploits; but there has been little public information on this. While not being a stockpile per se, Recorded Future has today published research suggesting that China delays disclosure of known critical vulnerabilities, sometimes to enable their immediate use by APT groups with probable Chinese government affiliation.
[Yesterday’s Whitehouse announcement:

I think it’s much as you would expect. You don’t need to be a security expert; you can hire all the expertise you need.
The Board’s Role in Managing Cybersecurity Risks
… Corporate boards of directors are expected to ensure cybersecurity, despite the fact that most boards are unprepared for this role. A 2017-2018 survey by the National Association of Corporate Directors (NACD) found that 58% of corporate board member respondents at public companies believe that cyber-related risk is the most challenging risk they are expected to oversee. The ability of companies to manage this risk has far-reaching implications for stock prices, company reputations, and the professional reputations of directors themselves.

Privacy ain’t easy? About time you figured that out.
Beyond GDPR: The Challenge of Global Privacy Compliance
TechPrivacy – Daniel Solove: “For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the lead role in guiding the practices of multinational organizations. These days, it is the new General Data Protection Regulation (GDPR) from the EU that has been the focus of privacy professionals’ days and nights …and even dreams. As formidable as the GDPR is, only aiming to comply with the GDPR will be insufficient for a worldwide privacy compliance strategy. True, the GDPR is one of the strictest privacy laws in the world, but countries around the world have other very strict laws. The bottom line is that international privacy compliance is incredibly hard. This is what Lothar Determann focuses on. For nearly 20 years, Determann has combined scholarship and legal practice. In addition to being a partner at Baker & McKenzie, Lothar has taught data privacy law at many schools including Freie Universität Berlin, UC Berkeley School of Law, Hastings College of the Law, Stanford Law School, and University of San Francisco School of Law. He has written more than 100 articles and 5 books, including a treatise about California Privacy Law. Hot off the press is the new third edition of Lothar Determann’s terrific guide, Determann’s Field Guide to Data Privacy Law: International Corporate Compliance. Determann has produced an incredibly useful synthesis of privacy law from around the globe. Covering so many divergent international privacy laws could take thousands of pages, but Determann’s guide is remarkably concise and practical. With great command of the laws and decades of seasoned experience, Determann finds the common ground and the wisest approaches to compliance.
This is definitely an essential reference for anyone who must navigate privacy challenges in the global economy…”

Where President Trump goes the other way and creates a more outrageous tweet for journalists to spend their time commenting on…
China is perfecting a new method for suppressing dissent on the internet
The art of suppressing dissent has been perfected over the years by authoritarian governments. For most of human history, the solution was simple: force. Punish people severely enough when they step out of line and you deter potential protesters.
But in the age of the internet and “fake news,” there are easier ways to tame dissent.
A new study by Gary King of Harvard University, Jennifer Pan of Stanford University, and Margaret Roberts of the University of California San Diego suggests that China is the leading innovator on this front. Their paper, titled “How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, Not Engaged Argument,” shows how Beijing, with the help of a massive army of government-backed internet commentators, floods the web in China with pro-regime propaganda.
What’s different about China’s approach is the content of the propaganda. The government doesn’t refute critics or defend policies; instead, it overwhelms the population with positive news (what the researchers call “cheerleading” content) in order to eclipse bad news and divert attention away from actual problems.

Better artificial than none at all?
How Artificial Intelligence Will Affect the Practice of Law
Alarie, Benjamin and Niblett, Anthony and Yoon, Albert, How Artificial Intelligence Will Affect the Practice of Law (November 7, 2017). Available at SSRN:
“Artificial intelligence is exerting an influence on all professions and industries. We have autonomous vehicles, instantaneous translation among the world’s leading languages, and search engines that rapidly locate information anywhere on the web in a way that is tailored to a user’s interests and past search history. Law is not immune from disruption by new technology. Software tools are beginning to affect various aspects of lawyers’ work, including those tasks that historically relied upon expert human judgment, such as predicting court outcomes. These new software tools present new challenges and new opportunities. In the short run, we can expect greater legal transparency, more efficient dispute resolution, improved access to justice, and new challenges to the traditional organization of private law firms delivering legal services on a billable hour basis through a leveraged partner-associate model. With new technology, lawyers will be empowered to work more efficiently, deepen and broaden their areas of expertise, and provide more value to clients. These developments will predictably transform both how lawyers do legal work and resolve disputes on behalf of their clients. In the longer term, it is difficult to predict the impact of artificially intelligent tools will be, as lawyers incorporate them into their practice and expand their range of services on behalf of clients”

Looking for a complete toolkit?

Thursday, November 16, 2017

It’s not lying, it’s just not volunteering the truth. (I don’t see this on
Trump administration releases rules on disclosing cyber flaws
The Trump administration publicly released on Wednesday its rules for deciding whether to disclose cyber security flaws or keep them secret, in an effort to bring more transparency to a process that has long been cloaked in mystery.

(Related). Possibly?
Microsoft Patches 17 Year-Old Vulnerability in Office
Microsoft on Tuesday released its November 2017 security updates to resolve 53 vulnerabilities across products, including a security bug that has impacted all versions of its Microsoft Office suite over the past 17 years.
Tracked as CVE-2017-11882, the vulnerability resides in the Microsoft Equation Editor (EQNEDT32.EXE), a tool that provides users with the ability to insert and edit mathematical equations inside Office documents.
The bug was discovered by Embedi security researchers as part of very old code in Microsoft Office. The vulnerable version of EQNEDT32.EXE was compiled on November 9, 2000, “without essential protective measures,” the researchers say.
Although the component was replaced in Office 2007 with new methods of displaying and editing equations, Microsoft kept the vulnerable file up and running in the suite, most likely to ensure compatibility with older documents.
“The component is an OutProc COM server executed in a separate address space. This means that security mechanisms and policies of the Office processes do not affect exploitation of the vulnerability in any way, which provides an attacker with a wide array of possibilities,” Embedi notes in a research paper (PDF).
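An added example, not from Embedi's paper or from Microsoft, of the kind of audit a defender can run over legacy binaries like the one described above: whether a PE file opted into ASLR and DEP, which are recorded as the DYNAMIC_BASE and NX_COMPAT bits of the DllCharacteristics field in the PE optional header. The parser reads that field straight from the file bytes with the standard library only. Because no real binary is on the page, the block constructs a minimal synthetic PE header to run against; handing dll_characteristics the bytes of a real file read from disk works the same way.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLLCHAR_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE (ASLR)",
    0x0100: "NX_COMPAT (DEP)",
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
}
# The two opt-ins every modern Windows binary is expected to carry.
BASELINE = (0x0040, 0x0100)


def dll_characteristics(pe_bytes):
    """Return the DllCharacteristics word of a PE image; raise ValueError if it is not one."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # skip signature and 20-byte COFF header
    magic = struct.unpack_from("<H", pe_bytes, opt)[0]
    if magic not in (0x10B, 0x20B):              # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both PE32
    # and PE32+ (the 8-byte ImageBase in PE32+ replaces PE32's BaseOfData+ImageBase).
    return struct.unpack_from("<H", pe_bytes, opt + 70)[0]


def missing_mitigations(pe_bytes, required=BASELINE):
    """Names of the required mitigation flags the image did not opt into."""
    chars = dll_characteristics(pe_bytes)
    return [DLLCHAR_FLAGS[flag] for flag in required if not chars & flag]


def build_fake_pe(dllchar_value):
    """Constructed minimal PE32 header for testing; not a runnable or real binary."""
    e_lfanew = 0x40
    hdr = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)  # e_lfanew -> PE signature
    hdr += b"PE\0\0"
    # COFF header: Machine=i386, 0 sections, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=224 (PE32), Characteristics=EXECUTABLE|32BIT.
    hdr += struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<H", opt, 70, dllchar_value)
    hdr += opt
    return bytes(hdr)


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # audit a real file from disk
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:                                        # or the constructed header with no opt-ins
        data = build_fake_pe(0)
    print("missing:", missing_mitigations(data) or "none")
```

Only the header is parsed, so the check is cheap enough to run across every executable in an install directory. A binary that comes back with both flags missing is one that the loader will map at a fixed address with executable data pages, which is why a decades-old component deserves a second look even when the surrounding suite is fully hardened.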

Perhaps a war game rather than a Final exam?
Companies Turn to War Games to Spot Scarce Cybersecurity Talent
A major shipping company is under attack. With help from a corrupt executive, an international hacking syndicate called Scorpius, has penetrated the computer networks of Fast Freight Ltd. The hackers have taken control of servers and compromised the systems that control Fast Freight’s vessels and its portside machinery. The company’s cybersecurity consultants have 48 hours to uncover the breach and repulse the attackers before they cripple Fast Freight’s business and cause serious economic damage.
It sounds like the plot to a blockbuster thriller. But this was the fictional scenario 42 budding computer security experts faced at the annual U.K. Cyber Security Challenge competition earlier this week in London. With demand for cybersecurity expertise exploding, but qualified people in short supply, war-gaming competitions like this have become key recruiting grounds for companies and government security agencies.
… There are about 1 million unfilled cybersecurity jobs globally, according to an estimate from Cisco.
… It’s this gap that Cyber Security Challenge U.K., a non-profit organization set up by the British government with support from corporations and universities, is supposed to help fill.

Includes some tips for defense attorneys…
EFF’s Street-Level Surveillance Project Dissects Police Technology
“Step onto any city street and you may find yourself subject to numerous forms of police surveillance—many imperceptible to the human eye. A cruiser equipped with automated license plate readers (also known as ALPRs) may have just logged where you parked your car. A cell-site simulator may be capturing your cell-phone data incidentally while detectives track a suspect nearby. That speck in the sky may be a drone capturing video of your commute. Police might use face recognition technology to identify you in security camera footage.
EFF first launched its Street-Level Surveillance project in 2015 to help inform the public about the advanced technologies that law enforcement are deploying in our communities, often without any transparency or public process. We’ve scored key victories in state legislatures and city councils, limiting the adoption of these technologies and how they can be used, but the surveillance continues to spread, agency by agency. To combat the threat, EFF is proud to release the latest update to our work: a new mini-site that shines light on a wide range of surveillance technologies, including ALPRs, cell-site simulators, drones, face recognition, and body-worn cameras….”

This headline is distressing…
Google Docs went down for ‘a significant’ number of users for over an hour
Google Docs went down for a little over an hour today for what Google says was a “significant subset of users.” For a product with a user base that reaches into the hundreds of millions at a minimum, that’s certain to mean a huge number of people who experienced a disruption.
Oddly, the outage was limited only to Google Docs — other portions of Drive and G Suite were still working for everyone. And for the people who were still able to access Docs, there didn’t seem to be any problems at all.

(Related) This headline causes real panic!
Google Docs just ate your homework

What causes people to ignore procedure?
Body searches of 900 Georgia students by sheriff’s office lead to $3 million settlement
In April, law enforcement from Georgia’s Worth County descended on a high school and, without a warrant, conducted body searches on an estimated 900 students, touching some students’ genitals and breasts. They said they were searching for drugs. They found none.
A class-action federal lawsuit soon followed, and the sheriff and two deputies were indicted in October in the raid on Worth High School in Sylvester, which is about 170 miles south of Atlanta. On Tuesday, a legal advocacy group, the Southern Center for Human Rights, said a proposed $3 million settlement had been reached in the lawsuit, pending a judge’s approval.
Earlier this week, Gov. Nathan Deal suspended Sheriff Jeff Hobby by executive order pending the outcome of his legal case or until the expiration of his term of office, whichever comes first. Hobby faces charges of sexual battery, false imprisonment and violation of oath of office, the Atlanta Journal-Constitution reported.

I think this covers all the bases and will certainly work, if we can get anyone to take the time to find and read all the information. See the examples!
The Trust Project brings news orgs and tech giants together to tag and surface high-quality news
Thursday marks the launch of The Trust Project, an initiative three years in the making (but feeling oh-so-relevant right about now) that brings together news outlets such as The Washington Post, The Economist, and the Globe and Mail, as well as Facebook, Google, Twitter, and Bing, in a commitment to “provide clarity on the [news organizations’] ethics and other standards, the journalists’ backgrounds, and how they do their work.”
… A team of representatives from dozens of media companies worldwide came up with eight “core indicators”:
Best Practices: What Are Your Standards? Who funds the news outlet? What is the outlet’s mission? Plus commitments to ethics, diverse voices, accuracy, making corrections and other standards.
Author Expertise: Who Reported This? Details about the journalist who wrote the story, including expertise and other stories they have worked on.
Type of Work: What Is This? Labels to distinguish opinion, analysis and advertiser (or sponsored) content from news reports.
Citations and References: For investigative or in-depth stories, greater access to the sources behind the facts and assertions.
Methods: Also for in-depth stories, information about why reporters chose to pursue a story and how they went about the process.
Locally Sourced? Lets people know when the story has local origin or expertise.
Diverse Voices: A newsroom’s efforts to bring in diverse perspectives.
Actionable Feedback: A newsroom’s efforts to engage the public’s help in setting coverage priorities, contributing to the reporting process, ensuring accuracy and other areas.
… You can check out this Trello board for links to how the Indicators are being incorporated onto various parts of participating publishers’ sites, from “About” pages to author bios to citations and references. And here’s a mockup of an article that contains all of the Indicators.

Excellent collection. I probably would not drop all of this on my website students at one time.
U.S. Web Design Standards + DigitalGov “We’re excited to announce that the U.S. Web Design Standards has moved over to the Office of Products and Platforms (OPP) and joined the new DigitalGov team, effective October 1, 2017. Over the last 10 years, has become an authoritative destination to learn about the methods, practices, policies, and tools needed to create effective digital services in government. It’s where government goes to learn from experience: building, working, communicating, and adapting to the evolving needs of our digital nation. Our mission has been to help people deliver smart, effective digital services in the government. Going forward, we aim to set an example for how government learns, builds, delivers, and measures digital services in the 21st century. The Standards provides an increasingly important service to government modernization. By moving the Standards to OPP under DigitalGov, we are providing the Standards with the financial, organizational, and communications support needed to focus on delivering a high-quality design system and supporting framework for government sites… ”

Perspective. In short, you better get some digital skills. My spreadsheet students should take note!
Report – Digitalization and the American workforce
New analysis by the Brookings Metropolitan Policy Program of more than 500 occupations reveals the rapid pace of their “digitalization” since 2001, suggesting the acquisition of digital skills is now a prerequisite for economic success for American workers, industries, and metropolitan areas.
The report, “Digitalization and the American workforce,” provides a detailed analysis of changes in the digital content of 545 occupations representing 90 percent of the workforce in all industries since 2001, rating each occupation on a digital content scale of 0-100. While the digital content of virtually all jobs has been increasing (the average digital score across all occupations rose 57 percent from 2002 to 2016) occupations in the middle and lower end of the digital skill spectrum have increased digital scores most dramatically. Workers, industries, and metropolitan areas benefit from increased digital skills via enhanced wage growth, higher productivity and pay, and a reduced risk of automation, but adaptive policies are still needed. The report offers recommendations for improving digital education and training while mitigating its potentially harmful effects, such as worker pay disparities and the divergence of metropolitan area economic outcomes. Mark Muro, a senior fellow at Brookings and the report’s author, said, “We definitely need more coders and high-end IT professionals, but it’s just as important that many more people learn the basic tech skills that are needed in virtually every job. That’s the kind of digital inclusion we need. In that respect, not everybody needs to go to a coding bootcamp but they probably do need to know Excel and basic office productivity software and enterprise platforms.”

Perspective. Are my students binge watching in class?
People watch Netflix unabashedly at work (and in public toilets, too)
… About 67% of people now watch movies and TV shows in public, according to an online survey it commissioned of 37,000 adults around the world. It was conducted between late August and early September.
The most popular public places to stream are on planes, buses, or commuting, the survey found. But 26% of respondents also said they’ve binged shows and movies at work.
… Another 17% were so engrossed in a show or movie that they missed their stop on their commute (hopefully not while driving). And 45% said they’d caught someone spying on their screens; 11% said they had a show spoiled after looking on another person’s screen. Only 18% said they felt embarrassed about watching in public.

Think there might be a big market for these?
Profane anti-Trump sticker sparks free-speech debate in Texas
A Texas sheriff reportedly threatened to bring disorderly conduct charges against a truck driver for displaying a profane anti-Trump sticker on the rear window of the vehicle.
Sheriff Troy Nehls in Fort Bend County told the Houston Chronicle that he had received many complaints about the sticker, which read: “F--- TRUMP AND F--- YOU FOR VOTING FOR HIM.”
Nehls posted a photo of the truck and the offending sticker on his Facebook page
… Meanwhile, Nehls’ message on Facebook drew criticism from the ACLU of Texas, which posted on its Facebook page: “Memo to @SheriffTNehls: You can’t prosecute speech just because it contains the word “----” The owner of this truck should contact @ACLUTx”

I’d just like my students to read!
Article – Why doesn’t everyone love reading e-books?
Myrberg, C., (2017). Why doesn’t everyone love reading e-books? Insights. 30(3), pp.115–125. DOI:
“Why do many students still prefer paper books to e-books? This article summarizes a number of problems with e-books mentioned in different studies by students of higher education, but it also discusses some of the unexploited possibilities with e-books. Problems that students experience with e-books include eye strain, distractions, a lack of overview, inadequate navigation features and insufficient annotation and highlighting functionality. They also find it unnecessarily complicated to download DRM-protected e-books. Some of these problems can be solved by using a more suitable device. For example, a mobile device that can be held in a book-like position reduces eye strain, while a device with a bigger screen provides a better overview of the text. Other problems can be avoided by choosing a more usable reading application. Unfortunately, that is not always possible, since DRM protection entails a restriction of what devices and applications you can choose. Until there is a solution to these problems, I think libraries will need to purchase both print and electronic books, and should always opt for the DRM-free alternative. We should also offer students training on how to find, download and read e-books as well as how to use different devices.”
...and I’m still trying to convince my students to get to class on time. I miss Japan.
Apology after Japanese train departs 20 seconds early
A rail company in Japan has apologised after one of its trains departed 20 seconds early.
Management on the Tsukuba Express line between Tokyo and the city of Tsukuba say they "sincerely apologise for the inconvenience" caused.

Wednesday, November 15, 2017

Another example of encryption poorly implemented?
Forever 21 reveals potential data breach
Forever 21 is investigating a potential data breach which may have compromised customer information and payment cards.
On Tuesday, the US clothing retailer said that the company recently received a tip from a third-party that there "may have been unauthorized access to data from payment cards" at a number of Forever 21 outlets.
… However, the company did reveal that as encryption and token-based authentication systems were implemented back in 2015, "only certain point of sale (PoS) devices in some Forever 21 stores were affected."
According to the firm, a potential compromise may have taken place when encryption "was not in operation" on certain PoS devices, which may suggest older systems or locations where the 2015 rollout did not occur may be at the heart of the security incident.

Michael Geist explains:
The Canada Revenue Agency has obtained a federal court order requiring PayPal to hand over years of transactional information from all business accounts in Canada. The scope of the order is incredibly broad, covering any business account holder who sent or received a payment over a nearly four year period from January 1, 2014 to November 10, 2017.

Dilbert points out a downside to health monitors.

This was never going to be easy.
'Way too little, way too late': Facebook's factcheckers say effort is failing
Journalists working for Facebook say the social media site’s fact-checking tools have largely failed and that the company has exploited their labor for a PR campaign.
Several fact checkers who work for independent news organizations and partner with Facebook told the Guardian that they feared their relationships with the technology corporation, some of which are paid, have created a conflict of interest, making it harder for the news outlets to scrutinize and criticize Facebook’s role in spreading misinformation.
The reporters also lamented that Facebook had refused to disclose data on its efforts to stop the dissemination of fake news.

Elections and social media. (and some excellent graphics)
Report – Manipulating Social Media to Undermine Democracy
Freedom House – Freedom of the Net 2017: Governments around the world have dramatically increased their efforts to manipulate information on social media over the past year. The Chinese and Russian regimes pioneered the use of surreptitious methods to distort online discussions and suppress dissent more than a decade ago, but the practice has since gone global. Such state-led interventions present a major threat to the notion of the internet as a liberating technology. Online content manipulation contributed to a seventh consecutive year of overall decline in internet freedom, along with a rise in disruptions to mobile internet service and increases in physical and technical attacks on human rights defenders and independent media. Nearly half of the 65 countries assessed in Freedom on the Net 2017 experienced declines during the coverage period, while just 13 made gains, most of them minor. Less than one-quarter of users reside in countries where the internet is designated Free, meaning there are no major obstacles to access, onerous restrictions on content, or serious violations of user rights in the form of unchecked surveillance or unjust repercussions for legitimate speech. The use of “fake news,” automated “bot” accounts, and other manipulation methods gained particular attention in the United States. While the country’s online environment remained generally free, it was troubled by a proliferation of fabricated news articles, divisive partisan vitriol, and aggressive harassment of many journalists, both during and after the presidential election campaign. Russia’s online efforts to influence the American election have been well documented, but the United States was hardly alone in this respect. Manipulation and disinformation tactics played an important role in elections in at least 17 other countries over the past year, damaging citizens’ ability to choose their leaders based on factual news and authentic debate. 
Although some governments sought to support their interests and expand their influence abroad—as with Russia’s disinformation campaigns in the United States and Europe—in most cases they used these methods inside their own borders to maintain their hold on power…”

Perspective. If the professional writers can’t get it right, what hope for my students?
American Press Institute – Time to reinvent social media in newsrooms
“…But as this report will detail, social media teams, on the front lines of both issues, still are largely doing what they’ve done for a decade. A new API survey of 59 U.S. newsrooms conducted for this report shows that posting links to their own content, mostly on Twitter and Facebook, is still by far the top activity of the average social media team. While organizations like Hearken, GroundSource and the Coral Project are working to help newsrooms use social media for audience engagement rather than just for clicks, there is still much progress to be made — in using social platforms as tools to understand communities and to bring audiences into news creation. What’s more, the majority of newsrooms only “sometimes” or “very rarely” address misinformation on social media and comment platforms, our survey shows. And long-term strategies and planning are rare…”

Reading is as hard as writing?
Lateral Reading: Reading Less and Learning More When Evaluating Digital Information
Wineburg, Sam and McGrew, Sarah, Lateral Reading: Reading Less and Learning More When Evaluating Digital Information (October 6, 2017). Stanford History Education Group Working Paper No. 2017-A1. Available at SSRN:
“The Internet has democratized access to information but in so doing has opened the floodgates to misinformation, fake news, and rank propaganda masquerading as dispassionate analysis. To investigate how people determine the credibility of digital information, we sampled 45 individuals: 10 Ph.D. historians, 10 professional fact checkers, and 25 Stanford University undergraduates. We observed them as they evaluated live websites and searched for information on social and political issues. Historians and students often fell victim to easily manipulated features of websites, such as official-looking logos and domain names. They read vertically, staying within a website to evaluate its reliability. In contrast, fact checkers read laterally, leaving a site after a quick scan and opening up new browser tabs in order to judge the credibility of the original site. Compared to the other groups, fact checkers arrived at more warranted conclusions in a fraction of the time. We contrast insights gleaned from the fact checkers’ practices with common approaches to teaching web credibility.”

Maybe I could Tweet instead of Blog?
Those new to Twitter are probably left with tons of questions. What is this site all about? How do I use it? And how can I make the most of it with advanced tips and tricks?
We’ll answer all these questions and more in our complete guide to Twitter. Let’s get started!

Not much on the evening news.
Zimbabwe's Mugabe 'under house arrest' after army takeover
Zimbabwe's military has placed President Robert Mugabe under house arrest in the capital Harare, South African President Jacob Zuma says.
Troops are patrolling the capital, Harare, after they seized state TV and said they were targeting "criminals".
The move may be a bid to replace Mr Mugabe with his sacked deputy, Emmerson Mnangagwa, BBC correspondents say.
Mr Mnangagwa's dismissal last week left Mr Mugabe's wife Grace as the president's likely successor.

Some of my students might be interested.
Free course targets candidates for network engineering jobs
NexGenT is new to the IT boot camp field, so it's promoting itself, offering up a course that helps people prepare for IT careers. The fee? A $5 charity donation.
… The monthlong course, which has a list price of $997, gets help desk technicians, network admins or other IT apprentices ready for CompTIA's Network+ certification, a useful, but not mandatory, credential for getting network engineering jobs.

Extreme, but then it probably has to be.
'Slaughterbots' film shows potential horrors of killer drones
Perhaps the most nightmarish, dystopian film of 2017 didn't come from Hollywood. Autonomous weapons critics, led by a college professor, put together a horror show.
It's a seven-minute video, a collaboration between University of California-Berkeley professor Stuart Russell and the Future of Life Institute that shows a future in which palm-sized, autonomous drones use facial recognition technology and on-board explosives to commit untraceable massacres.

Tuesday, November 14, 2017

Managers can fail, even in China.
Act surprised: OnePlus phones have a hidden backdoor
This is not a good year for OnePlus, as the Chinese smartphone maker had to put several fires out. The most recent issue concerned user privacy, as OnePlus has been found to collect too much data from its phones, the kind of user-identifiable information no smartphone maker should get.
A new report shows that all OnePlus phones that are in use right now, including the OnePlus 5, have a program installed that can be used to root the handset. It’s just like having a backdoor in your phone, which could be used by other apps for spying purposes.
Unlike the user data collection issue, this new PR headache might not be entirely OnePlus’s fault. But it certainly doesn’t look good for the company. Either the firm left the app inside the operating system willingly, fully knowing what it can do, or it did it by mistake. The latter offers OnePlus a plausible excuse, but it also implies there’s a lack of quality assurance testing when it comes to its software.

Perhaps the next product to be banned? (A la Kaspersky Labs virus scanner)
Surveillance Cameras Made by China Are Hanging All Over the U.S.
The Memphis police use the surveillance cameras to scan the streets for crime. The U.S. Army uses them to monitor a base in Missouri. Consumer models hang in homes and businesses across the country. At one point, the cameras kept watch on the U.S. embassy in Kabul.
All the devices were manufactured by a single company, Hangzhou Hikvision Digital Technology. It is 42%-owned by the Chinese government.

But will it help locate or identify people who go off their meds?
First Digital Pill Approved to Worries About Biomedical ‘Big Brother’
For the first time, the Food and Drug Administration has approved a digital pill — a medication embedded with a sensor that can tell doctors whether, and when, patients take their medicine.
The approval, announced late on Monday, marks a significant advance in the growing field of digital devices designed to monitor medicine-taking and to address the expensive, longstanding problem that millions of patients do not take drugs as prescribed.
… Ameet Sarpatwari, an instructor in medicine at Harvard Medical School, said the digital pill “has the potential to improve public health,” especially for patients who want to take their medication but forget.
But, he added, “if used improperly, it could foster more mistrust instead of trust.”
Patients who agree to take the digital medication, a version of the antipsychotic Abilify, can sign consent forms allowing their doctors and up to four other people, including family members, to receive electronic data showing the date and time pills are ingested.
A smartphone app will let them block recipients anytime they change their mind. Although voluntary, the technology is still likely to prompt questions about privacy and whether patients might feel pressure to take medication in a form their doctors can monitor.
Dr. Peter Kramer, a psychiatrist and the author of “Listening to Prozac,” raised concerns about “packaging a medication with a tattletale.”
While ethical for “a fully competent patient who wants to lash him or herself to the mast,” he said, “‘digital drug’ sounds like a potentially coercive tool.”

Of course. If organizations can’t be forced to comply with regulations, they could be sued into compliance?
Air Force Could Face Record Lawsuits Over Mass Shooting
The Air Force faces many millions of dollars in potential liability for the mass shooting at a small-town church in Texas earlier this month by a former servicemember, legal experts say.
“I think it’s almost inevitable that the Air Force will be sued,” said retired Lt. Gen. Richard Harding, former judge advocate general of the service. “And I think there’s a case that can be made, you bet.”

I had my Computer Security students “help Bill” design a hypothetical data center. This could be even more fun!
… Somewhere near the White Tank Mountains in Arizona, there’s a 24,800-acre stretch of land that will soon be called Belmont. According to property records reviewed by the Arizona Republic, the mostly uninhabited area was recently purchased by investment firm Belmont Properties LLC, a company that is controlled by Cascade Investment, a holding company controlled by Bill Gates. Yes, that’s a lot of layers distancing the ownership of the soon-to-be boom town.
… According to the Arizona Republic, the area will contain “as many as 80,000 homes, 3,800 acres of industrial, office and retail space, 3,400 acres of open space and 470 acres for public schools.”
… Many of the towns built in the US in the early 20th century were owned virtually top to bottom by the company that employed the citizens. Residents worked for the company, bought goods from the company store, and paid the company for their homes. It was a great setup for the company because it could take back in all of the money it paid out and it often owned the local government. Working conditions were usually pretty terrible.

Perspective. Just like TV in the 1960s, except streaming online.
… Citing several “executives familiar with the conversations,” AdAge claims that the push to bring a version of Prime that includes commercials is well underway. “Amazon is talking about giving content creators their own channels, and sharing ad revenue in exchange for a set number of hours of content each week,” one of the sources said.

Perspective. Moving toward easier online services?
Skype’s new Professional account lets online tutors manage bookings, accept payments, and more
Skype is introducing a new version of its telecommunications app geared toward online tutors and small businesses.
Known as the Skype Professional Account, the new service will initially only be available on desktop and will be landing shortly in preview for U.S. users, who can apply for early access now.
… In the longer-term, Skype will likely charge Professional users for the privilege of using the turbocharged app, but during its early-stage preview it will be completely free to use.

Monday, November 13, 2017

This is another hack-back. I would not assume every subscriber is a terrorist.
Waqas reports:
A group of Muslim hacktivists from Ahlus Sunnah Wal Jamaah, the Sunni sect of Islam and going by the online handle of Di5s3nSi0N hacked the official website of ISIS/ISIL (Daesh) and leaked a list of more than 2000 people who had subscribed to the site’s newsletter and updates through email.
A week ago, the targeted website Amaq which also works as a news agency for the terrorist organization claimed that it was facing increasing cyber attacks against the agency and that it has increased its security and now their admins can tackle “any type of hack.”
Read more on HackRead.
Note that HackRead’s headline at the time of this posting says that the hack exposed “20,000 subscribers list,” but according to the story, that headline number should probably be 2,000.

Every time it happens, you promote the most nearly “operationally ready” project.
Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core
… Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.
… With a leak of intelligence methods like the N.S.A. tools, Mr. Panetta said, “Every time it happens, you essentially have to start over.”
Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.

Something the FBI will need.
Hackers Say They've Broken Face ID a Week After iPhone X Release
When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

Privacy Fears Over Artificial Intelligence as Crimestopper
Police in the US state of Delaware are poised to deploy "smart" cameras in cruisers to help authorities detect a vehicle carrying a fugitive, missing child or straying senior.
The video feeds will be analyzed using artificial intelligence to identify vehicles by license plate or other features and "give an extra set of eyes" to officers on patrol, says David Hinojosa of Coban Technologies, the company providing the equipment.
The program is part of a growing trend to use vision-based AI to thwart crime and improve public safety, a trend which has stirred concerns among privacy and civil liberties activists who fear the technology could lead to secret "profiling" and misuse of data.

Something for my Data Management class.
Government Printing, Publications, and Digital Information Management: Issues and Challenges
“In the past half-century, in government and beyond, information creation, distribution, retention, and preservation activities have transitioned from a tangible, paper-based process to digital processes managed through computerized information technologies. Information is created as a digital object which then may be rendered as a text, image, or video file. Those files are then distributed through a myriad of outlets ranging from particular software application and websites to social media platforms. The material may be produced in tangible, printed form, but typically remains in digital formats. The Government Publishing Office (GPO) is a legislative branch agency that serves all three branches of the national government as a centralized resource for gathering, cataloging, producing, providing, authenticating, and preserving published information. The agency is overseen by the Joint Committee on Printing (JCP) which in 1895 was charged with overseeing and regulating U.S. government printing. GPO operates on the basis of a number of statutory authorities first granted in the 19th and 20th centuries that presume the existence of government information in an ink-on-paper format, because no other format existed when those authorities were enacted. GPO’s activities include the Federal Depository Library Program (FDLP), which provides permanent public access to published federal government information, and which last received legislative consideration in 1962. In light of the governance and technological changes of the past four decades, a relevant question for Congress might arise: To what extent can decades-old authorities and work patterns meet the challenges of digital government information? 
For example, the widespread availability of government information in digital form has led some to question whether paper versions of some publications might be eliminated in favor of digital versions, but others note that paper versions are still required for a variety of reasons. Another area of concern focuses on questions about the capacity of current information dissemination authorities to enable the provision of digital government information in an effective and efficient manner. With regard to information retention, the emergence of a predominantly digital FDLP may raise questions about the capacity of GPO to manage the program given its existing statutory authorities. These questions are further complicated by the lack of a stable, robust set of digital information resources and management practices like those that were in place when Congress last considered current government information policies. The 1895 printing act was arguably an expression of the state of the art standard of printing technology and provided a foundation which supported government information distribution for more than a century. By contrast, in the fourth or fifth decade of transitioning from the tangible written word to ubiquitous digital creation and distribution, the way ahead is not as clear, due in part to a lack of widely understood and accepted standards for managing digital information. This report examines three areas related to the production, distribution, retention and management of government information in a primarily digital environment. These areas include the Joint Committee on Printing; the Federal Depository Library Program; and government information management in the future.”

Keeping score?
CNN – Deadliest Mass Shootings in Modern US History Fast Facts
CNN – “Here is a list of the deadliest single day mass shootings in US history from 1949 to the present. If the shooter was killed or committed suicide during the incident that death is not included in the total.”
See also Study: Gun deaths, injuries in California spike following Nevada gun shows: “More than 4,000 gun shows are held annually in the U.S., and gun shows account for 4 to 9 percent of annual firearm sales. Some gun shows draw thousands of attendees and hundreds of sellers, whose transactions may not be subject to vigorous oversight. Some of these transactions are between private parties and do not involve a background check. Research has shown that firearms from gun shows are disproportionately implicated in crimes. California has some of the strongest firearm laws in the country, including a comprehensive set of statutes regulating gun shows. Nevada has some of the least restrictive firearm laws in the country and no explicit regulations on gun shows.
“Our study suggests that California’s strict regulations — on firearms, generally, and on gun shows, specifically — may be effective in preventing short-term increases in firearm deaths and injuries following gun shows,” said the study’s lead author, Ellicott Matthay, a Ph.D. student in UC Berkeley’s School of Public Health.”
Study finds 3M Americans carry a loaded handgun daily – “Approximately 9 million handgun owners in the United States carry loaded handguns on a monthly basis—about 7 million of whom have concealed carry permits—while 3 million report carrying on a daily basis. These are among the findings from a new study led by Northeastern professor Matthew Miller and his colleagues, published Thursday afternoon in the American Journal of Public Health. The study is the first of its kind in more than 20 years to assess why and how often gun owners carry their loaded firearms…”

(Related). Also an article my Data management students should read.
FBI database for gun buyers missing millions of records
FBI database for gun buyers missing millions of records by WaPo’s Devlin Barrett, Sandhya Somashekhar and Alex Horton: “The FBI’s background-check system is missing millions of records of criminal convictions, mental illness diagnoses and other flags that would keep guns out of potentially dangerous hands, a gap that contributed to the shooting deaths of 26 people in a Texas church this week. Experts who study the data say government agencies responsible for maintaining such records have long failed to forward them into federal databases used for gun background checks – systemic breakdowns that have lingered for decades as officials decided they were too costly and time-consuming to fix… The FBI said it doesn’t know the scope of the problem, but the National Rifle Association says about 7 million records are absent from the system, based on a 2013 report by the nonprofit National Consortium for Justice Information and Statistics.”

Something for my geeks and gamers?
Everyone’s betting on artificial intelligence. While some are warning that AI poses serious risks, the fact is that artificial intelligence programming is where many careers are headed.
The good news is that you can jump into AI programming with widely popular languages like Python, Java, C++, and even older languages like Lisp, so get back to the screen and see if your skills are sharp enough to make your mark in this budding and buzzing field.
In other words, put your skills to the test in this AI programming challenge — fly around a virtual universe, send ships to mine planets, and grow larger fleets to defeat your opponents.

All my students should already know about these.
Tools and Tips to Help Students With the Writing Process
There are so many tools that will help students with the writing process. Some of these tools help organize research while others help students organize their thoughts or locate grammatical errors.
Grammarly- Detect spelling, context, and grammatical errors.
EasyBib- Generate citations and see the credibility of sites you are using.
Diigo- Collect, organize and annotate resources. Create an outline using the resources you have gathered.
Cite This for Me- Automatically create citations in the most popular citation styles.
Highlight Tool- This is an add-on for Google Docs that can be used to organize essays, categorize facts, and emphasize different sections of a document.

Just a heads-up for ALL my students.

Sunday, November 12, 2017

Failure to follow procedure or failure to have a procedure?
India Ashok reports:
Over one million users’ personal and financial data was inadvertently publicly exposed by US-based ride hailing firm Fasten. The leaked data includes names, emails, phone numbers, credit card data, links to photos, device IMEI numbers, GPS data and users’ taxi routes.
The firm also exposed sensitive information of its own drivers, including drivers’ car registration and license plate records as well as detailed individual profiles. According to Kromtech security researchers, who uncovered the breach, the data exposure was caused by an unsecured Apache Hive database.
Read more on IBT.
[From the article:
"We have already taken steps to update our security protocols to ensure this does not happen again. In this instance, old production data was uploaded to the test cluster by mistake. Going forward, these processes will be managed only by security engineers with specific expertise in this area," Borgan added.
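The quoted fix is a process control (only certain engineers may copy data to the test cluster). A technical control that a practitioner would pair with it is a guard that inspects a batch before it is loaded anywhere outside production and refuses it if it contains live-looking card numbers or IMEIs, both of which carry a Luhn mod-10 check digit. The following is an added example written for this post; it is not Fasten's or Kromtech's code, and the sample rows and the field names (`card`, `imei`, `ride_id`) are constructed to mirror the kinds of data the article lists, not real records.

```python
"""Guard that refuses to copy a batch into a test cluster when it looks like
production data: any field holding a Luhn-valid payment card number (PAN) or
a Luhn-valid 15-digit IMEI is treated as a hard stop.
Added example for this post, not code from Fasten or Kromtech."""
import re

# A run of 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Standard Luhn mod-10 check; payment cards and IMEIs both use it."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(digits):
    """Label a Luhn-valid digit string by length, or return None.
    15 digits is ambiguous: IMEIs are 15 digits, but so are Amex PANs."""
    if not luhn_valid(digits):
        return None
    if len(digits) == 15:
        return "imei_or_pan"
    if 13 <= len(digits) <= 19:
        return "pan"
    return None


def scan_records(records):
    """Return (row index, field, kind, masked value) for every suspicious field.
    Only the last four digits are kept so the finding itself is not a leak."""
    findings = []
    for idx, rec in enumerate(records):
        for field, value in rec.items():
            for m in DIGIT_RUN.finditer(str(value)):
                digits = re.sub(r"[ -]", "", m.group())
                kind = classify(digits)
                if kind:
                    masked = "*" * (len(digits) - 4) + digits[-4:]
                    findings.append((idx, field, kind, masked))
    return findings


def safe_to_load(records):
    """Policy: a test cluster never receives a batch containing even one
    live-looking PAN or IMEI. Returns True only when the scan is clean."""
    return not scan_records(records)


# Constructed sample rows (hypothetical field names) in the shape of the data
# described in the article. 4111... is the well-known Visa test PAN and
# 490154203237518 is the textbook IMEI example; neither is a real account.
SAMPLE = [
    {"name": "A. Rider", "email": "a.rider@example.com", "phone": "+1 415 555 0123",
     "card": "4111 1111 1111 1111", "imei": "490154203237518", "ride_id": "7781234567890"},
    {"name": "B. Driver", "email": "b@example.com", "phone": "+1 415 555 0199",
     "card": "4111111111111112", "imei": "no-device", "ride_id": "7781234567891"},
]

if __name__ == "__main__":
    for finding in scan_records(SAMPLE):
        print("production-like data:", finding)
    print("safe to load test cluster:", safe_to_load(SAMPLE))
```

Run against `SAMPLE`, the scan flags the first row's `card` and `imei` fields and leaves the second row alone: its card number fails the Luhn check (one digit changed), and the phone numbers and ride ids are either too short to match or fail the check digit, which is what keeps the guard from rejecting every numeric column. The check is deliberately one-way: a clean scan does not prove a batch is synthetic, so it belongs in front of the copy step as a stop, not as the only approval.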

Discovery, debate and analysis continues.
Instagram, Meme Seeding, and the Truth about Facebook Manipulation, Pt. 1
… My conclusion: Instagram is a major distributor and re-distributor of IRA propaganda that’s at the very least on par with Twitter. In my opinion, the platform is far more impactful than Twitter for content-based “meme” engagement — especially for certain minority segments of the American population.

Most useful math tools.
Integration – Desmos & WolframAlpha